Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Extending benchmarks to Rust targets #1874

Open
addisoncrump opened this issue Jul 19, 2023 · 4 comments
Open

Extending benchmarks to Rust targets #1874

addisoncrump opened this issue Jul 19, 2023 · 4 comments

Comments

@addisoncrump
Copy link
Contributor

addisoncrump commented Jul 19, 2023
edited
Loading

As discussed in FUZZING'23, we want to extend Fuzzbench to allow for Rust targets. Not all fuzzers will be compatible, but we would like to define a standard interface for those which are. We suggest the following and ask for input so that future fuzzers may also support Rust benchmarks.

Rust harnesses

Most Rust fuzz harnesses built with cargo-fuzz should be straightforward to modify such that they emit staticlib build units instead of executable binaries. In recent versions of libfuzzer-sys, the common crate for providing libfuzzer bindings to cargo-fuzz targets, you can choose to not link libfuzzer and instead only use the function names. This turns a Rust harness into a classical LLVMFuzzerTestOneInput-style harness. We propose to build Rust benchmarks in this way and link against the static libraries like existing benchmarks.

Build flags and compilers

Rust fuzzers may use a specialised rustc by exporting the CARGO_BUILD_RUSTC environmental variable. In addition, fuzzers using default rustc may export specific build flags with the RUSTFLAGS environmental variable. The latter is done by cargo-fuzz.

Detecting Rust compatibility

If a fuzzer does not set the RUSTFLAGS or CARGO_BUILD_RUSTC variable before performing the build, we should assume that it does not support Rust (no instrumentation passes would be executed). Alternatively, we should export a fuzzer.compatible_languages() function in each fuzzer, which may future-proof in the case of e.g. JavaScript/Java-specific fuzzers.
@jonathanmetzman
Copy link
Contributor

Hmm...I guess we could also use the blacklisting feature to disable incompatible fuzzers. and it would keep the API thinner. Let me think about this.

@jonathanmetzman
Copy link
Contributor

I like the idea of having benchmarks opt-in to be part of a "group" (e.g. rust) and then fuzzers can say which groups they want to be fuzz.

@addisoncrump
Copy link
Contributor Author

addisoncrump commented Sep 15, 2023
edited
Loading

I think it makes the most sense if you ever want to extend to e.g. JS/Python/firmware etc. fuzzing.

@jonathanmetzman
Copy link
Contributor

Can we start with blacklisting fuzzers for now? I'm happy to accept rust targets, though I'm not sure there's real benefit (hard to believe we could write a fuzzer better/worse for rust than C/C++)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@addisoncrump @jonathanmetzman